Asymmetric key management for cloud computing services
US-2021051137-A1 · Feb 18, 2021 · US
US12015698B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12015698-B2 |
| Application number | US-201917761546-A |
| Country | US |
| Kind code | B2 |
| Filing date | Sep 17, 2019 |
| Priority date | Sep 17, 2019 |
| Publication date | Jun 18, 2024 |
| Grant date | Jun 18, 2024 |
Official abstract text for this publication.
A cloud-based network receives a public key of a public/private key pair and a credential for accessing secrets associated with a user network. The cloud-based network receives, from a user interface configured to facilitate remote control of the user network, a command to be executed at the user network. The cloud-based network encrypts, using the public key, the credential and the command. The cloud-based network forwards, to one or more client devices, the encrypted credential and command. The client devices are configured to decrypt the encrypted credential and command using a private key of the public/private key pair and execute the command on the user network.
Claims.
What is claimed is:

1. A method for remotely accessing client computing resources, the method comprising: securely storing, at a secure key store of a cloud-based network, a public key of a public/private key pair, and a credential associated with a user network; encrypting a symmetric key using the public key to generate an encrypted symmetric key; receiving, at the cloud-based network from a user interface configured to facilitate remote control of the user network, a command to be executed at the user network to cause a change at the user network, wherein the user network is remote from the cloud-based network and the user interface; encrypting, by the cloud-based network using the public key, the credential and the command or task to generate an encrypted credential and an encrypted command or task; adding the encrypted command or task to a queue; forwarding, by the cloud-based network to agents installed on a plurality of client devices at the user network, the encrypted credential and the encrypted symmetric key, wherein the agents are unique for a user associated with the plurality of client devices based on a unique ID or handshake and wherein the agents installed on the plurality of client devices are configured to: decrypt the encrypted credential and the encrypted symmetric key using a private key of the public/private key pair; wherein the plurality of client devices are configured to: access the user network using the credential; obtain the encrypted command or task from the queue; decrypt the encrypted command or task using the private key of the public/private key pair; execute the command or task on the user network to cause the change at the user network, wherein the command or task is a command or task to migrate one or more virtual machines from the user network to the cloud-based network; encrypt a report of the executed command or task using the symmetric key to generate an encrypted report; and add the encrypted report to the queue, wherein the cloud-based network obtains the encrypted report from the queue to view a status indicative of a progress of execution of the command or task.

2. The method of claim 1, wherein the encrypted credential and command are sent via an HTTPS connection.

3. The method of claim 1, wherein the user network is protected by a firewall.

4. The method of claim 1, wherein the credential is one or more of a username, password, or MFA credential.

5. The method of claim 1, wherein the cloud-based network does not persistently store the credential.

6. The method of claim 1, wherein the user interface is configured to enable a remote user to send a command for execution at the user network.

7. A system for accessing a user network, the system comprising: one or more data processing units; and a computer-readable memory having encoded thereon computer-executable instructions to cause the one or more data processing units to perform operations comprising: receive, from a cloud-based network by agents installed on the system, an encrypted credential and an encrypted symmetric key encrypted using a public key of a public/private key pair, wherein the encrypted credential is associated with a user network, wherein the agents are unique for a user associated with the system based on a unique ID or handshake and wherein the user network is remote from the cloud-based network; obtain an encrypted command or task from a queue, wherein the command or task is to be executed at the user network to cause a change at the user network, and wherein the command or task is encrypted using the public key of the public/private key pair; decrypt, by the agents installed on the system, the encrypted credential using a private key of the public/private key pair to determine a decrypted credential and decrypt the command or task using the private key to determine a decrypted command or task; access the user network using the decrypted credential; execute the decrypted command or task on the user network, wherein the command or task is a command or task to migrate one or more virtual machines from the system to the cloud-based network; encrypt a report of the executed command or task using the symmetric key to generate an encrypted report; and add the encrypted report to the queue to allow the cloud-based network to obtain the encrypted report from the queue to view a status indicative of a progress of execution of the command or task.

8. The system of claim 7, wherein the credential and command are entered from a user interface configured to facilitate remote control of the user network.

9. The system of claim 7, wherein the encrypted credential and command are received via an HTTPS connection.

10. The system of claim 7, wherein the credential is one or more of a username, password, or MFA credential.

11. The system of claim 7, wherein the private key is stored in a key store on the system.

12. A computing device comprising: one or more data processing units; and a computer-readable memory having encoded thereon computer-executable instructions to cause the one or more data processing units to perform operations comprising: receiving a public key of a public/private key pair, a credential associated with a user network, and a symmetric key; receiving, from a user interface configured to facilitate remote control of the user network, a command or task to be executed at the user network to cause a change at the user network, wherein the user network is remote from the computing device and the user interface; encrypting, using the public key, the credential, the symmetric key, and the command or task to generate an encrypted credential, an encrypted symmetric key, and an encrypted command or task; adding the encrypted command or task to a queue; forwarding, to agents installed on a plurality of client devices at the user network, the encrypted credential and the encrypted symmetric key, wherein the agents are unique for a user associated with the plurality of client devices based on a unique ID or handshake and wherein the agents installed on the plurality of client devices are configured to: decrypt the encrypted credential and the encrypted symmetric key using a private key of the public/private key pair; wherein the plurality of client devices are configured to: access the user network using the credential; obtain the encrypted command or task from the queue; decrypt the encrypted command or task using the private key of the public/private key pair; execute the command or task on the user network to cause the change at the user network, wherein the command or task is a command or task to migrate one or more virtual machines from the user network to a cloud-based network; encrypt a report of the executed command or task using the symmetric key to generate an encrypted report; add the encrypted report to the queue; and obtaining the encrypted report from the queue to view a status indicative of a progress of execution of the command or task.
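The exchange the abstract and claim 1 describe, written out as an added example (not code from the patent or its assignee): the cloud side seals the credential, a per-task symmetric key and the command under the agents' public key, the agent side unseals them with the private key it alone holds, and the report travels back under the symmetric key. RSA-OAEP and AES-256-GCM as the concrete ciphers, the simulated "execute" step and the in-memory hand-off standing in for the queue are all assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)
// Envelope is the queued item of claim 1: credential, symmetric key and command, each RSA-OAEP-sealed to the agents' public key.
type Envelope struct{ Cred, SymKey, Cmd []byte }
func seal(pub *rsa.PublicKey, m []byte) []byte {
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, m, nil)
	if err != nil { panic(err) } // only if m exceeds the OAEP size limit
	return ct
}
func newGCM(key []byte) (cipher.AEAD, error) {
	blk, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	return cipher.NewGCM(blk)
}
// CloudEnqueue (cloud side) never holds the private key; it keeps only the fresh symmetric key to read the report later.
func CloudEnqueue(pub *rsa.PublicKey, cred, cmd string) (Envelope, []byte) {
	sym := make([]byte, 32) // AES-256 key, one per task
	if _, err := rand.Read(sym); err != nil { panic(err) }
	return Envelope{seal(pub, []byte(cred)), seal(pub, sym), seal(pub, []byte(cmd))}, sym
}
// AgentRun (client side) unseals with the private key, "executes" the command (simulated here) and returns the AES-256-GCM-encrypted report.
func AgentRun(priv *rsa.PrivateKey, e Envelope) ([]byte, error) {
	var pt [3][]byte
	for i, ct := range [][]byte{e.Cred, e.SymKey, e.Cmd} {
		m, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
		if err != nil { return nil, err } // wrong key or tampered blob: never execute
		pt[i] = m
	}
	report := fmt.Sprintf("%s ran %q: migrated 1 VM", pt[0], pt[2])
	g, err := newGCM(pt[1])
	if err != nil { return nil, err }
	nonce := make([]byte, g.NonceSize()); if _, err := rand.Read(nonce); err != nil { return nil, err }
	return g.Seal(nonce, nonce, []byte(report), nil), nil // nonce || ciphertext || tag
}
// CloudReadReport (cloud side) opens the report; the GCM tag rejects a forged or altered one.
func CloudReadReport(sym, ct []byte) (string, error) {
	g, err := newGCM(sym)
	if err != nil { return "", err }
	if len(ct) < g.NonceSize() { return "", fmt.Errorf("report too short") }
	m, err := g.Open(nil, ct[:g.NonceSize()], ct[g.NonceSize():], nil)
	return string(m), err
}
```

Note that, as in claim 5, nothing on the cloud side keeps the plaintext credential after sealing it, and an agent holding a different private key cannot recover the command at all.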
using a predetermined code, e.g. password, passphrase or PIN (network architectures or network communication protocols for supporting authentication of entities using passwords in a packet data network H04L63/083) · CPC title
Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage · CPC title
Isolation or security of virtual machine instances · CPC title
for controlling access to devices or network resources · CPC title
applying multi-factor authentication · CPC title